Gary E. Miller via devel <devel@ntpsec.org>: > > This opens a can of worms, though. Should we drop the entire > > interface command? > > Yes, after years of deprecation. At least to start we want to be drop=in > replacement for NTP Classic.
I think you're now trying to have things both ways. If we drop filtering by name we're already compromising "drop-in replacement". I'm OK with doing this if there's a solid security reason for it that we can tell people who might get annoyed. The point of *this* part of the discussion is that if we accept Mark's security rationale (which I don't disagree with) then *every* form of userspace packet filtering NTP does is a defect and should be flushed. Please either choose one drop/no-drop or explain why these cases should be treated separately. -- <a href="http://www.catb.org/~esr/">Eric S. Raymond</a> My work is funded by the Internet Civil Engineering Institute: https://icei.org Please visit their site and donate: the civilization you save might be your own.
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel